1995-10-11 - Re: Hal’s Third Challenge?

Header Data

From: Andy Brown <asb@nexor.co.uk>
To: Piete Brooks <Piete.Brooks@computer-lab.cambridge.ac.uk>
Message Hash: be3d206d08d0bbe73d05b8efd2279fc82f278ffb689fde874da44ff633bac545
Message ID: <Pine.SOL.3.91.951011094131.1754D-100000@eagle.nexor.co.uk>
Reply To: <“swan.cl.cam.:012510:951010200606”@cl.cam.ac.uk>
UTC Datetime: 1995-10-11 09:08:46 UTC
Raw Date: Wed, 11 Oct 95 02:08:46 PDT

Raw message

From: Andy Brown <asb@nexor.co.uk>
Date: Wed, 11 Oct 95 02:08:46 PDT
To: Piete Brooks <Piete.Brooks@computer-lab.cambridge.ac.uk>
Subject: Re: Hal's Third Challenge?
In-Reply-To: <"swan.cl.cam.:012510:951010200606"@cl.cam.ac.uk>
Message-ID: <Pine.SOL.3.91.951011094131.1754D-100000@eagle.nexor.co.uk>
MIME-Version: 1.0
Content-Type: text/plain


On Tue, 10 Oct 1995, Piete Brooks wrote:

> It seems that microsoft was the one to go for, as they too use 40 bit for
> each session ....  If someone can generate the CRACKing code and someone can
> donate an example, I'd be DELIGHTED to arrange another BRUTE !

If you mean STT, they're using a hotch-potch of methods in the exportable 
version.  40 bit RC4 protects the purchase order form and receipt, single 
DES-CBC protects the financial data and they claim that direct RSA 
protects the credit card numbers although this is far from clear from the 
specification (can someone clarify this?).

So you're going to need brutedes and/or some network factoring code (the 
smallest modulus they use is 512 bits which, realistically we do not have 
a chance of attacking in a reasonable time).


Regards,

- Andy

+-------------------------------------------------------------------------+
| Andrew Brown  Internet <asb@nexor.co.uk>  Telephone +44 115 952 0585    |
| PGP (2048/9611055D): 69 AA EF 72 80 7A 63 3A  C0 1F 9F 66 64 02 4C 88   |
+-------------------------------------------------------------------------+





Thread